After data breach, $10B valued startup Mercor is having a month
Source: TechCrunch
Background
Six months ago, Mercor was flying high after raising a massive $350 million Series C that valued the AI data‑training startup at $10 billion.
On March 31, the company admitted it was the target of a data breach.
Breach details
A hacker group claimed to have obtained 4 TB of stolen data from Mercor’s systems, including candidate profiles, personally identifiable information, employer data, source code, and API keys. Mercor has not confirmed the authenticity of the data, stating only that it is investigating and will continue to communicate with customers and contractors as appropriate.
The breach was traced to a hack of the open‑source tool LiteLLM. For about 40 minutes the tool harbored credential‑harvesting malware that stole login credentials, which were then used to access additional software and accounts in a chain reaction.
LiteLLM later published a complete report on the incident: .
Impact on partners
- Meta has paused its contracts with Mercor indefinitely, according to sources reported by Wired.
- OpenAI confirmed to Wired that it is investigating its exposure in Mercor’s breach but has not paused or ended its contracts.
- Other large model makers are reportedly reassessing their relationships with Mercor, though details remain unconfirmed.
Legal actions
Five of Mercor’s contractors have filed lawsuits over alleged personal data exposure (reported by Business Insider). One lawsuit, reviewed by TechCrunch, also named LiteLLM and the compliance startup Delve as defendants.
Related companies
- Delve – Accused by an anonymous whistleblower of falsifying data for security certifications and using rubber‑stamping auditors. Delve has denied the allegations but faced operational changes and was eventually severed from Y Combinator.
- LiteLLM – After the breach, LiteLLM ditched Delve and is now working with another AI compliance startup to obtain security certifications again.
Although Mercor was not a Delve customer, the fallout could affect its revenue. An anonymous source told The Information that Mercor was on pace to exceed $1 billion in annualized revenue earlier this year before the data leak.